SEVD-2023-010-04
PUBLISHED
CVSS 7.4 HIGH
Schneider Electric is aware of a vulnerability in its EcoStruxure™ Power SCADA Anywhere product. EcoStruxure™ Power SCADA Anywhere is on-premises software that provides remote web browser access to the EcoStruxure Power Operation desktop HMI client application and its operator interface. Failure to apply the mitigations provided below may allow an authenticated user to escape from the context of EcoStruxure™ Power SCADA Anywhere into the operating system (OS), which could result in arbitrary OS commands being executed on the system.
Risk Scores
CVSS v3.1
7.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 2022 |
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 9.0 |
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 2020 |
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 8.x |
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 2021 |
| Schneider Electric | EcoStruxure™ Power SCADA Anywhere | 2020 R2 |
Timeline
- Jan 10, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-04_EcoStruxure_Power_SCADA_Anywhere_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-010-04.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules fix